these IP address should be stopped on the outside interface, except when they responses to traceroute and some type of ICMP.
${fwcmd} table 1 flush
${fwcmd} table 1 add 10.0.0.0/8
${fwcmd} table 1 add 172.16.0.0/12
${fwcmd} table 1 add 192.168.0.0/16
${fwcmd} add deny all from 'table(1)' to any in via ${oif}
No comments:
Post a Comment